Leak at LDLC
On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.
- Victim
- LDLC
On 10 December 2024, LDLC — a leading French online retailer of computer hardware and high-tech products — disclosed that it had suffered a cyberattack resulting in the theft of customer data. It was the second major breach to hit the Lyon-based group in 2024, and unlike the earlier incident (which affected roughly 1.5 million physical-store customers in early 2024), this one reportedly touched LDLC's entire customer base, both web and in-store, potentially exposing several million people.
In its statement, LDLC said an unauthorized intrusion into its systems had led to the exfiltration of personal customer data. The company emphasized that no financial information or sensitive data was affected. The precise attack vector was not disclosed, and the full scope was still being investigated at the time of the announcement.
Based on the company statement and press reporting, the exposed data was limited to contact and identity information:
- Names
- Email addresses
- Phone numbers
LDLC said it immediately mobilized security experts and partners to reinforce its existing protective measures, notified the relevant government authorities and the data-protection regulator (CNIL) under GDPR, and committed to informing affected customers directly once the analysis concluded. As of the disclosure, the investigation was ongoing.
Sources
- groupe-ldlc.comhttps://www.groupe-ldlc.com/information-relative-a-un-incident-de-cybersecurite-3/
- siecledigital.frhttps://siecledigital.fr/2024/12/11/deuxieme-vague-de-cyberattaque-ldlc-a-nouveau-touche-par-une-fuite-de-donnees/
- clubic.comhttps://www.clubic.com/actualite-546713-la-tuile-pour-ldlc-le-e-commercant-francais-revele-avoir-encore-ete-victime-d-une-grosse-cyberattaque-voici-ce-que-l-on-sait.html
- macg.cohttps://www.macg.co/ailleurs/2024/12/ldlc-nouvelle-fuite-de-donnees-de-clients-147781